
The problem is the host UUID
The real host UUID should always be hidden from the Internet and should remain closed and secret within that host, accessible only to the OS kernel and not to application programs (so that downloaded malware won't have access to it to generate the decryption key).

But this host UUID can be leaked easily, by the OS itself, or by another piece of software which has previously collected that local UUID and transmitted it to a third party (in my opinion, it should only be transmissible by the OS itself, not even by one of its hardware drivers, unless the driver is provided by the OS itself and signed by its manufacturer; this is hard to ensure: lots of things will allow the user to know that UUID, and the user could be asked to provide this UUID, only to provide a security identity to a licence provider).

We could think about something else: using the global UUID provided by the network provider. This UUID should be inaccessible from the local host. But here again, the host may use a third-party online service to have the global network UUID returned by its online query.

So what is the problem? It is the host UUID. It should not have a long lifetime. It should expire very soon and should be renewed, discarding the old one completely. The remote malware that would have collected that UUID would only collect an expired UUID that should no longer be usable to generate an encryption key that the malware running on the attacked host would be able to use.

Let's ban permanent UUIDs from our computers: this includes the hardware MAC address of hardware network interfaces, which should be replaced by a software MAC address; it also includes the UUID stored in processors, accessible only by the BIOS, but NOT when the OS is running: the OS should generate its own local UUIDs with a short lifetime.

But now comes the challenge: permanent UUIDs are used to validate licences for media content. What would happen if there were no permanent way to revalidate that licence?

Let's say that the host is now storing a licence owned by an online user account: nothing stops the user from using the same licence on multiple host installations, unless there are some checks made online to make sure that multiple hosts are not reusing the same licence when they attempt to revalidate it at alternating times. But online licence validation has a severe impact on content usability: those revalidations cannot occur too often, not more than once each month. This would mean that the local host UUID associated with that licence would have to be kept valid for one month: more than enough time to allow a malware to transmit that UUID to some location online, then wait for a new malware to be downloaded encrypted with that UUID.

What is the best solution? Simply drop the local host UUID completely as a secure identification mechanism for validating any software/media licence. Licences per host are the problem. What users want is licences per user: licences that are valid and can be reused when the user changes or repairs his device.

Let's ban permanent UUIDs from all hardware/software/media and licensing mechanisms.
Posted by PhilippeV
28th Aug
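The rotation scheme described in the post above (a host UUID that expires and is renewed, so an identifier exfiltrated in an earlier window no longer derives a key the payload can use on the host), as an added example that is not code from the original post. The root secret, the one-hour lifetime, the `derive_host_uuid`/`derive_key` names and the toy encrypt-then-MAC construction are all assumptions made for illustration; a real OS would keep the root secret in the kernel, generate it from a CSPRNG, and use a proper AEAD instead of the SHA-256 keystream used here.

```python
import hashlib
import hmac
import uuid
from typing import Optional

# Constructed example values (assumptions, not from the post): a root secret
# the kernel would hold privately, and a one-hour identifier lifetime.
ROOT_SECRET = bytes.fromhex("3f" * 32)
LIFETIME_SECONDS = 3600


def epoch_index(now: int, lifetime: int = LIFETIME_SECONDS) -> int:
    """Number of the lifetime window that timestamp `now` falls into."""
    return now // lifetime


def derive_host_uuid(root_secret: bytes, now: int,
                     lifetime: int = LIFETIME_SECONDS) -> uuid.UUID:
    """Short-lived host UUID: HMAC of the current epoch number under the root secret.

    Only the current epoch's value is ever handed out, and old values are not
    stored anywhere, so nothing running on the host can regenerate an expired UUID.
    """
    msg = b"host-uuid|" + epoch_index(now, lifetime).to_bytes(8, "big")
    tag = hmac.new(root_secret, msg, hashlib.sha256).digest()
    return uuid.UUID(bytes=tag[:16], version=4)


def derive_key(host_id: uuid.UUID) -> bytes:
    """Content key that any party knowing a host UUID (attacker or payload) derives from it."""
    return hashlib.sha256(b"content-key|" + host_id.bytes).digest()


def _keystream(key: bytes, length: int) -> bytes:
    # Toy counter-mode keystream from SHA-256; illustration only.
    blocks = (length + 31) // 32
    return b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                    for i in range(blocks))[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: XOR with keystream, then append an HMAC-SHA256 tag."""
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, len(plaintext))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def open_sealed(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the tag does not verify under `key`."""
    if len(blob) < 32:
        return None
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, len(ct))))


def payload_decrypts_on_host(root_secret: bytes, lifetime: int,
                             leak_time: int, attack_time: int) -> bool:
    """Simulate the scenario from the post.

    The attacker learns the host UUID at `leak_time` and ships a payload keyed
    on it. When the payload runs on the host at `attack_time`, the only
    identifier it can obtain is the *current* one. The payload unpacks only if
    both timestamps fall in the same lifetime window.
    """
    leaked_id = derive_host_uuid(root_secret, leak_time, lifetime)
    payload = seal(derive_key(leaked_id), b"stage-2 constructed sample")
    current_id = derive_host_uuid(root_secret, attack_time, lifetime)
    return open_sealed(derive_key(current_id), payload) is not None


if __name__ == "__main__":
    print("same window :", payload_decrypts_on_host(ROOT_SECRET, LIFETIME_SECONDS, 0, 100))
    print("two hours on:", payload_decrypts_on_host(ROOT_SECRET, LIFETIME_SECONDS, 0, 7200))
```

The caveat the post itself raises still applies: the rotation only helps if the old identifier is genuinely discarded and if nothing (a licence check, a driver, a telemetry agent) can ask the kernel for an identifier from a past window. A scheme that lets software look up previous epochs, or that keeps one window valid for a month to suit monthly licence revalidation, gives the attacker the same window the post warns about.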